New Relic Agent Control with Terraform makes the large-scale monitoring with New Relic even easier, especially when dealing with multiple Kubernetes clusters. With Terraform and Helm, you can set up New Relic Agent Control in a specified, repeatable, and scalable way across your entire Kubernetes infrastructure.
Prerequisites
Before using this integration in Terraform, ensure you have the following:
- Helm 3: Helm version 3 must be installed on your machine. For installation instructions, see Installing Helm.
- New Relic license key: You'll need a New Relic license key to report telemetry to your New Relic account.
- New Relic user key: You'll need your New Relic user key if you haven't already pulled your
clientIDkey and secret. - User permissions: Your New Relic user has the auth domain manager and org product admin roles.
- New Relic OrgId: The New Relic
OrgIdwill identify which organization you are getting your client ID key and secret from. - Kubernetes cluster name: Have the name of your Kubernetes cluster ready, as it will be referenced during the installation process.
Sugerencia
When setting up a new cluster with Terraform, make sure to use the same cluster name during the installation of agent control. - Helm provider for Terraform: Include the Helm provider in your Terraform script for the installation to work.
- Terraform: Make sure you have Terraform installed on your machine.
Compatibility
To find out which Kubernetes versions are compatible with this solution, refer to the compatibility section in the overview.
Install
If you don't have your clientId and clientSecret, fetch them using the following NerdGraph API:
$curl -X POST \> https://api.newrelic.com/graphql \> -H 'Content-Type: application/json' \> -H 'x-api-key: [INSERT_USER_API_KEY]' \> --data-raw '{"query": "mutation SICreate { systemIdentityCreate(name: \"User Key for Agent Control\" organizationId: \"[INSERT_YOUR_ORG_ID]\") { clientId clientSecret } }"}' \> --compressedIn the command, replace the placeholder values with your organizationId and user key. This returns the required credentials that you'll use in your configuration file.
Step 1
Create a directory for your project and place your main.tf file inside it. Confirm that you have added the Helm provider to your Terraform file.
Step 2
Configure your Terraform script with a Helm release that uses New Relic's charts for Agent Control. See the sample script below:
provider "helm" { kubernetes { config_paths = [ "~/.kube/config" ] }}
resource "helm_release" "newrelic" { name = "agent-control" repository = "https://newrelic.github.io/helm-charts/" chart = "agent-control" namespace = "newrelic" create_namespace = "true"
values = [ file("./values-newrelic.yaml") ]}Note that the Terraform script references a values-newrelic.yaml file. This is the New Relic Agent Control configuration file that will be used for setting up Agent Control. It does not need to be in the same directory as the Terraform script. You can reference it from any location by providing the correct path in the file() function within the values attribute of the helm_release resource.
Or, if you place the values-newrelic.yaml file directly in the Terraform project directory, the main.tf script will automatically reference it.
Here is an example of a basic values-newrelic.yaml file with no additional configuration included:
global: cluster: [YOUR_CLUSTER_NAME] licenseKey: [YOUR_INGEST_LICENSE_KEY]
agent-control-deployment: identityClientId: [YOUR_IDENTITY_CLIENT_ID] identityClientSecret: [YOUR_IDENTITY_CLIENT_SECRET] config: fleet_control: # optional fleet_id: [YOUR_FLEET_ENTITY_GUID] auth: organizationId: [ORG_ID] agentControl: content: log: level: traceTo explore all available configuration settings, refer to values-newrelic.yaml.
Step 3
Initialize and review the Terraform script:
$terraform init$terraform planStep 4
Apply your changes:
$terraform applyStep 5
Check to make sure the agent pods get built out correctly using Kube Control:
$kubectl get pods -n newrelicConfiguration
In values-newrelic.yaml, you can configure the installation of multiple monitoring agents. This example shows the options available, including New Relic's infrastructure agent, Fluent Bit logs agent, OpenTelemetry collector agent, and New Relic Pipeline Control gateway agent:
agent-control-deployment: identityClientId: [YOUR_IDENTITY_CLIENT_ID] identityClientSecret: [YOUR_IDENTITY_CLIENT_SECRET] config: subAgents: infrastructure: type: newrelic/com.newrelic.infrastructure:0.1.0 content: chart_version: "*" chart_values: newrelic-infrastructure: enableProcessMetrics: true logs: type: newrelic/io.fluentbit:0.1.0 content: # Ref: `https://github.com/newrelic/helm-charts/tree/master/charts/newrelic-logging` # Recommended: check and define an explicit chart version (latest stable) chart_version: "*" chart_values: newrelic-logging: sendMetrics: true agent-operator: type: com.newrelic.k8s_agent_operator:0.1.0 content: chart_version: "*" open-telemetry: type: newrelic/io.opentelemetry.collector:0.1.0 content: # Ref: `https://github.com/newrelic/helm-charts/blob/master/charts/nr-k8s-otel-collector/values.yaml` # Recommended: check and define an explicit chart version (latest stable) chart_version: "*" chart_values: nr-k8s-otel-collector: receivers.filelog.enabled: false gateway: type: newrelic/com.newrelic.pipeline_control_gateway:0.1.0 content: chart_version: "*" chart_values: gateway: autoscaling: minReplicas: 2 maxReplicas: 10 targetCPUUtilizationPercentage: 70Uninstall
Importante
Removing a Helm release resource from your Terraform configuration is a destructive action. After you run terraform apply following this change, Terraform will uninstall and destroy the related resources in your Kubernetes cluster. This can result in the loss of data and configurations tied to the resources managed by that Helm release. Before proceeding, make sure you fully understand the potential impact on your environment:
- Review all dependencies and services that might be affected.
- Consider backing up any persistent data or configurations linked to the release.
- Confirm that removing this release is necessary and fits your infrastructure management strategy. Always exercise caution when making significant changes to your infrastructure, and ensure you have proper rollback procedures in place in case something goes wrong.
- Run
terraform plan: After removing the Helm release resource block from your configuration, run theterraform plancommand. This allows you to review the changes Terraform plans to make to your infrastructure. Carefully examine the plan output to ensure that only the intended resources are marked for deletion. This step is essential to verify that no unintended deletions or changes will occur. - Run
terraform apply: If the terraform plan results align with your expectations, proceed by running theterraform applycommand. This will implement the planned changes, effectively removing the specified Helm release from your environment. Confirm the execution when prompted to complete the uninstallation process.